From: Philippe Antoine <contact@catenacyber.fr>
Date: Tue, 16 Mar 2021 12:07:30 +0000 (+0100)
Subject: http2: adds check about dynamic headers table size
X-Git-Tag: suricata-6.0.3~40
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2504b96c48b09d3a40f496f1c26b2aec1bf14246;p=thirdparty%2Fsuricata.git

http2: adds check about dynamic headers table size

(cherry picked from commit 3de0123ffbf355e3d3de318080f18bd639ec9beb)
---

diff --git a/rust/src/http2/parser.rs b/rust/src/http2/parser.rs
index 61e4557f6a..3054a5c436 100644
--- a/rust/src/http2/parser.rs
+++ b/rust/src/http2/parser.rs
@@ -564,7 +564,9 @@ fn http2_parse_headers_block_dynamic_size<'a>(
     if (maxsize2 as usize) < dyn_headers.max_size {
         //dyn_headers.max_size is updated later with all headers
         //may evict entries
-        while dyn_headers.current_size > (maxsize2 as usize) {
+        while dyn_headers.current_size > (maxsize2 as usize) && dyn_headers.table.len() > 0 {
+            // we check dyn_headers.table as we may be in best effort
+            // because the previous maxsize was too big for us to retain all the headers
             dyn_headers.current_size -=
                 32 + dyn_headers.table[0].name.len() + dyn_headers.table[0].value.len();
             dyn_headers.table.remove(0);